[asterisk-users] How to enable TLS debugging or verbose logging with pjsip
Benoit Panizzon
benoit.panizzon at imp.ch
Tue Feb 27 09:13:47 CST 2018
Dear List
I try to get my clients to connect via TLS. First I did try Snom M9
phones. After looking at the Wireshark TLSv1 Handhake it became
obvious, that the M9 only supports old RC4 and similar ciphers, that are
not supported by openssl anymore.
So now I get my hands on a Cisco SPA112 ATA, which is also TLS capable
and does support a very nice long cipher list.
I use the same key and cert as for my webserver, which runs on the same
machine and thus has a valid CN in the cert. But anyway, the SPA112
does not check the Cert, as I found via google.
My transport looks like this:
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/apache2/server.crt
priv_key_file=/etc/apache2/server.key
;cipher=ADH-AES256-SHA,ADH-AES128-SHA
method=tlsv1
tos=cs3
cos=3
allow_reload=yes
Wireshark states 'TLSv1 Handshake Error' from the Asterisk Server as
soon as the client has sent it's cipher list.
I have enabled core verbose and debug on the asterisk, but I see
nothing.
Is there a way to enable some sort of tls debugging on asterisk or
chan_pjsip?
PS: Side Question: Is there a way to specify media_encryption to be
optional? I try to solve one step at the time :-)
Mit freundlichen Grüssen
-Benoît Panizzon-
--
I m p r o W a r e A G - Leiter Commerce Kunden
______________________________________________________
Zurlindenstrasse 29 Tel +41 61 826 93 00
CH-4133 Pratteln Fax +41 61 826 93 01
Schweiz Web http://www.imp.ch
______________________________________________________
More information about the asterisk-users
mailing list